Venom Less Toxic Than HeartbleedMay 20, 2015
It was a little over a year ago that the Heartbleed bug shocked the Internet with its potential for mischief. Now another flaw in open source code has sent network administrators into damage control mode. The bug, called "Venom" for "Virtualized Environment Neglected Operations Manipulation," allows an intruder to jump out of a virtual machine and execute malicious code on its host.

5 IT Security Implementation MythsMay 19, 2015
There's a common perception that implementing comprehensive IT security to protect against today's sophisticated threats and attacks is a difficult and expensive task, and that the benefits of replacing current solutions (even if highly ineffective) are seldom worthwhile. This mindset has resulted in many businesses dealing with a virtual patchwork of disparate systems.

FireEye, Microsoft Outsmart Clever Chinese MalwareMay 15, 2015
FireEye and Microsoft have scotched a scheme by a group of cybercriminals based in China to use an IT pro forum to hide malicious activity, according to a report released Thursday. The Chinese gang known as "APT17" devised the scheme, which uses forum pages and profiles on Microsoft's TechNet, to cover traffic from machines infected with the group's Black Coffee malware.

Venom Vulnerability Could Violate Virtual MachinesMay 14, 2015
Crowdstrike on Wednesday made public its discovery of yet another long-buried Linux vulnerability. "Venom," as it has been dubbed, was unearthed by the firm's senior security researcher, Jason Geffner. It is listed as vulnerability CVE-2015-3456. Venom exists in the virtual floppy drive code used by virtualization platforms based on QEMU, or quick emulator. It has been around since 2004.

Feds Value - but Don't Always Use - Big Data Tools for CybersecurityMay 13, 2015
U.S. government agencies can significantly improve their ability to deal with cybersecurity problems by utilizing big data analytics. However, agencies are finding it difficult to fully benefit from these advanced analytical tools for a variety of reasons -- including dealing with the sheer volume of data. Cyberthreats hide in plain sight, suggests a recent report from MeriTalk.

Big Data Analytics Fights Insider ThreatsMay 13, 2015
Cyberdefenders for years have adopted Fort Apache strategies to protect their networks. Strong perimeters could prevent attackers from reaching precious data, they reasoned. As technology marched on, however, the idea of an impermeable wall became as quaint as the Maginot Line on the eve of World War II. Firewalls alone no longer were strong enough to keep data safe.

Mumblehard Malware Mugs Linux ServersMay 5, 2015
A family of Linux malware targeting Linux and BSD servers has been lurking around for five years. Dubbed "Linux/Mumblehard," the malware contains a backdoor and a spamming daemon, both written in Perl. The components are mainly Perl scripts encrypted and packed inside an executable and linkable format, or ELF, said Eset. In some cases, one ELF executable with a packer nests inside another.

Report: Top Endpoint Security Packages Perfectly Foil Drive-By AttacksMay 5, 2015
Drive-by attacks on the Internet are a particularly pernicious form of online threat, especially for individual Web surfers. On the corporate level, though, a company with good endpoint protection software can foil the malicious practice. A drive-by occurs when an infected website automatically downloads malware onto a Net traveler's computer. Endpoint solutions can thwart those kinds of attacks.

Our Bodies, Our Security: Biometrics vs. PasswordsMay 4, 2015
Text-based usernames and password pairs should be replaced with biometric credentialing, such as vein recognition and ingestible security tokens, suggests Johnathan LeBlanc, PayPal's global head of developer evangelism. Celebrities have been mortified, Sony Pictures Entertainment brought to its knees, and Home Depot sent scrambling to EuroPay Mastercard Visa's chip and pin earlier than mandated.

Apple Watch Could Be a Password AlternativeApril 30, 2015
With password tolerance levels at an all time low, alternatives to the pesky and insecure authenticators are beginning to abound. One of those alternatives could be the Apple Watch. Even before Apple's latest gadget began shipping last week, MicroStrategy announced it was extending its Usher enterprise security solution to the Apple Watch. Usher on the Apple Watch allows it to act as a digital key.

IoT: Why Security Pros Need to Prepare NowApril 29, 2015
Have you ever heard of the Cullinan diamond? If you haven't, it was the largest diamond ever discovered: a 3106 carat diamond found in 1905 in South Africa. What's interesting about the Cullinan diamond isn't so much the discovery of the stone itself but what happened afterward: specifically, the cutting of the diamond. The Cullinan diamond was split into a number of smaller pieces.

VCs Cough Up $100M for Cybersecurity Startup IllumioApril 23, 2015
Illumio, a 2-year-old cybersecurity startup, last week announced it had raised $100 million in a Series C round of financing, bringing its total funding over the past 27 months to more than $142 million. Illumio will use the fresh funds to meet demand for its Adaptive Security Platform software, to invest in R&D, to grow sales and marketing efforts, and to fuel international expansion.

Breach Outbreaks Fuel Encryption AdoptionApril 22, 2015
As data breaches make headlines around the world, more companies are turning to encryption to protect their information jewels. That is one of the findings in a study released Monday, conducted by the Ponemon Institute and sponsored by Thales E-Security.
"Mega breaches and cyber attacks have increased companies' urgency to improve their security posture," says the report.

Your Lawyer Is Vulnerable to CyberattacksApril 20, 2015
Lawyers help their clients as they negotiate confidential business transactions, hold intellectual property, manage funds and litigate disputes, among many other business activities. In the ordinary course of business, lawyers also maintain numerous confidential documents and data of and about their clients. Lawyers therefore have a big bull's-eye drawn on their backs, visible to cybercriminals.

Opening Windows Source Code Could Improve SecurityApril 16, 2015
Microsoft Technical Fellow Mark Russinovich raised a few eyebrows at ChefCon earlier this month, when he aired the possibility of Windows becoming an open source program. Sure, Microsoft's attitude toward the open source movement has mellowed over the years, but the prospect of the company rubbing elbows with the likes of Linux overloads the imagination.

Obama Draws Cyber Line in SandApril 2, 2015
President Barack Obama on Wednesday signed an executive order that gives the Secretary of Treasury the authority to impose sanctions on entities found responsible for or complicit in carrying out a cyberattack harmful to U.S. interests. The Secretary of Treasury will have to consult with the Secretary of State and the Attorney General before enacting the powers granted under the order.

Compliance Mindset Can Lead to Epic Security FailMarch 30, 2015
The recent data breach at Premera Blue Cross -- in which the personal information of some 11 million customers was compromised -- raises questions about how effective government regulators are at ensuring that healthcare providers adequately protect their patients' data. There have been abundant warnings that compliance with government regulations alone would not be adequate.

How Secure Is the Apple Watch?March 19, 2015
Apple typically has impeccable timing for its new product introductions, but that may not be the case with its new smartwatch. In a gala event last week, the company announced model and pricing details -- but that came just six days after questions were raised about the security of Apple Pay. Those questions haven't gone away, and now they're also being asked about the Apple Watch.

Windows Hello Waves Off PasswordsMarch 18, 2015
Microsoft on Tuesday announced Windows Hello, a feature that allows users to access computers and devices running Windows 10 via face recognition, iris identification or fingerprint matching. In addition, the company raised the curtain on Microsoft Passport, a programming system that IT managers, software developers and website authors can use for signing in to websites and applications.

BlackBerry, IBM, Samsung Come Together on High-Price, High-Security TabletMarch 17, 2015
BlackBerry subsidiary Secusmart on Monday introduced the SecuTablet, a high-security tablet based on the Samsung Galaxy Tab S 10.5, at the CeBIT 2015 trade show in Dusseldorf, Germany. Developed in collaboration with IBM, the tablet targets national and international public sector markets and enterprises. IBM provided the secure app wrapping technology.

RHEL 7 Atomic Host Bolsters Container SecurityMarch 9, 2015
Red Hat last week made Red Hat Enterprise Linux 7 Atomic Host generally available, following a four-month live beta test. "The beta release was very successful," said Lars Herrmann, senior director of product strategy at Red Hat. Feedback from customers and partners "helped us refine several features and tools" for the GA version. Atomic Host is a lean OS designed to run Docker containers.

Windows Caught in Path of FREAK Security StormMarch 6, 2015
Microsoft on Thursday issued a security advisory acknowledging a vulnerability in all versions of Windows that could allow FREAK exploits. Windows systems previously were thought to be immune to FREAK attacks. "The vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," the advisory reads.

Bracing for the Cyberthreat DelugeMarch 6, 2015
Almost 17,000 malware alerts surface every week, the Ponemon Institute recently found. Only 4 percent of alerts were investigated, and traditional antivirus products missed nearly 70 percent of malware in the first hour, researchers discovered in a recent Damballa study.
Rescanning led to identification of 66 percent of the malware in 24 hours and 72 percent after seven days.

China's Cybersecurity Plans Draw US FireMarch 5, 2015
China should change its tune on new rules for purchases from American high-tech companies if it wants to do business with the United States, President Obama recently warned. China reportedly is planning to ask U.S. high-tech firms to hand over their encryption keys and install security backdoors in their systems to allow surveillance as a counterterrorism measure.